Get the lowest price ever on AirPods Max 2 over-ear headphones.
Apple’s new AirPods Max 2 have dropped to the lowest price ever, making now a great time to pick up the over-ear headphones as a gift for Mom this Mother’s Day.
AirPods Max 2 are now $40 off at Amazon and Walmart, as both retailers compete for your business this week.
With Mother’s Day on May 10, there’s still time to pick up a pair for Mom and have them delivered by Sunday (check the ETA for your individual shipping address, though, to confirm).
Advertisement
Apple AirPods Max 2 features
AirPods Max 2, which were announced in March 2026, are equipped with Apple’s H2 chip. The chip offers enhanced sound quality and better Active Noise Cancellation (ANC) compared to the first-generation AirPods Max.
About AirPods Max 2
Powered by Apple’s H2 chip
Up to 1.5x more Active Noise Cancellation than first-gen AirPods Max
Transparency mode
Adaptive EQ
Lossless Audio and ultra-low latency audio via a wired USB-C connection (requires a supported service)
If you’re open to buying the first-gen AirPods Max, closeout deals are in effect on remaining inventory, with Amazon running a $100 discount on the purple colorway, bringing the price down to $449.
Roles span eGates, passports, visas, asylum applications, and enterprise services – yours for up to £105K
The Home Office’s digital division
is recruiting three chief technology officers (CTOs) for
migration and borders and enterprise services, each paid
£81,000 to £105,000 a year.
It is looking for two CTOs for
Migration and Borders Digital, which runs passport control eGates and
electronic travel authorizations, which people notice when they go down or start working differently. The unit’s other high-profile systems include those
supporting passenger data services, digital identity, visas, asylum
applications, and immigration status.
Advertisement
“Applying for a passport is now a
seamless, self-service experience where renewals are printed and
dispatched in just 48 hours,” writes Mike McCarthy, the
department’s director general for digital and innovation, in
material published with the job ad. “Our airport eGates support 76
million UK border crossings each year, with digitally assisted
electronic travel authorisation decisions made in just 45 seconds.”
“These aren’t just technical
achievements. They are real, measurable changes to improve millions
of people’s lives, and we’re extremely proud of the difference
we’ve made so far,” he adds of Home Office Digital, the name the department has adopted for its IT function.
McCarthy is himself a recent recruit,
having joined the Home Office in January after working for consultancy McKinsey and spending eight years in the British Army’s Corps of Royal Engineers. According to the job ad from last September, he is paid £160,000 and
oversees 4,000 people with a budget of £1.8 billion.
Home Office Digital is also looking
for a CTO for its enterprise services unit, which designs, builds, and
operates core services including networks, end user services, and
operational support for more than 35,000 users. McCarthy writes that
the department has “moved most of our technology services into the
cloud, saving money while boosting efficiency.”
Advertisement
The department expects successful
applicants to agree to serve for at least three years, although this
is not a contractual requirement, and undertake the Security Check
level of national security clearance. They can be based in Cardiff,
Croydon, Glasgow, Manchester, or Sheffield. Applications close at 11:55pm BST on Sunday, May 24, with interviews expected to take place in early July. ®
The explosion of AI usage since 2023 is unprecedented. In terms of adoption, AI is moving faster than cloud, faster than mobile, and certainly faster than the internet did. Research group Gartner predicts that 80% of enterprises will deploy AI tools this year.
Donnchadh Casey
VP for AI Security at F5.
Advertisement
When we classify a company’s journey through AI adoption, we see maturity falling into four categories:
Category 1 is general purpose AI and productivity – think employees using ChatGPT, Gemini, CoPilot, etc
Category 2 is when organizations have internal use cases, building custom chatbots for HR or IT, for example
Category 3 includes external use cases like building public-facing GenAI applications, like customer service chatbots
Category 4 is agentic workflows which are made up of complex systems that take actions autonomously on behalf of users
These categories often run in parallel rather than in sequence, but it is in the last three categories that security becomes critical. That’s because organizations are building complex software on top of non-deterministic AI models, creating vulnerabilities that traditional firewalls simply cannot see.
Article continues below
Security is always a priority for business but, with AI, the concern is different – it’s a blind spot.
Security leaders have spent 20 years deploying and configuring firewalls and web application firewalls (WAFs) to protect the network, but those tools look at network traffic and usage, whereas AI attacks use natural language – and you can’t firewall a conversation.
That’s why 75% of CISOs are reporting AI security incidents, because their existing shields simply aren’t designed to catch these threats; why 91% have already detected attempted attacks on their AI infrastructure; and that is exactly why a whopping 94% are now prioritizing testing of their AI systems.
Advertisement
New categories of cognitive attacks
There are plenty of real-world examples of how AI is changing the threat model. A breach at Asana last summer stemmed from a tenant-isolation logic flaw in the MCP server that allowed cross-organization data exposure.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
That’s a classic multi-tenant bug but it’s more dangerous in LLM systems because leaked data appears as fluent language, which makes it much more difficult to detect.
Meanwhile, an incident at Lenovo reflected a different failure: broken trust boundaries. Prompt injection redefined a Lenovo chatbot’s role and the back-end systems trusted its tool requests without enforcing server-side authorization. The issue wasn’t the AI model ignoring rules but authorization being delegated to it.
Advertisement
These are just two examples that map to a much broader emerging risk landscape. Organizations aren’t just dealing with code vulnerabilities any more, they are facing entirely new categories of cognitive attacks, including:
Prompt injection, both direct and indirect
Data poisoning during the training phase
Sophisticated jailbreak techniques like symbolic language attacks
Token compression, where attackers hide malicious instruction in formats that the AI model(s) can read but humans can’t
While traditional security guardrails handle deterministic input, prompt injection and other natural language attacks are semantic problems, not pattern-matching ones. These aren’t isolated bugs; they are systemic business risks introduced by new AI-driven architectures.
The industry is racing to categorize these AI vulnerabilities. There are frameworks emerging like the OWASP Top 10 for GenAI and Agentic Applications, Mitre Atlas and the NIST AI Risk Management Framework but we don’t have a definitive database or unified standard for what secure actually looks like.
Advertisement
The old approach can’t keep up
The pressure on industry right now to ship AI is existential. Developers are using AI to write code ten times faster than ever before; organizations are literally shipping new features, and even products, overnight.
At the same time, regulation is accelerating matters on the compliance side.
The EU AI Act, for example, explicitly calls for adversarial testing for high-risk and general-purpose AI systems. In practice, that means that purpose-built red-teaming – testing AI systems with simulated adversarial attacks – must now be considered a core component of the AI security stack, and in a way that addresses the real-world challenges these systems face.
So, CISOs and security teams are expected to secure changes that are happening at machine speed. How? By manually typing prompts into a chat box? It feels like trying to stop a tsunami with a bucket. The math doesn’t work. The speed doesn’t work. The AI attack surface is fundamentally different and the old approach can’t keep up.
Advertisement
It’s clear that traditional red-teaming is ineffective and AI red-teaming is needed to resolve the tension point of speed versus control. From speaking to customers, helping them to secure their AI systems, there are four key areas we need to consider:
Threat evolution: AI attacks evolve faster than static test suites. As soon as checks are automated, the AI model or the attack changes, and security teams end up maintaining tests instead of reducing risk.
Agent complexity: because AI agents aren’t deterministic systems, once you add retrieval, tools, memory, there are almost infinite permutations. You are no longer testing code, you’re testing a conversation that changes based on context.
Automation and scale: manual red-teaming does not scale for these systems. One chatbot may be manageable. Hundreds or thousands of chatbots are not. You can’t rely on humans to replay thousands of adversarial conversations every time the model or the system prompt is updated
Actionable reporting: findings must be reproduceable and actionable. ‘The bot behaved badly’ is not actionable. Engineers need the conversation parameters and trigger conditions, otherwise the fixes, the remediations, will stall.
Ensuring AI systems behave as intended, even under attack
These are the real-world gaps that security teams are trying to close right now, and the reasons why AI red-teaming is coming to the forefront. For example, one of our customers is a global bank, operating in a highly regulated environment.
When we first engaged with them, they had over 50 AI use cases across HR, procurement and cyber but they couldn’t ship any of them because they couldn’t prove safety to their internal auditors.
AI red-teaming gave the bank the evidence it needed to understand how its AI systems actually behaved – where data could leak, how prompts could be abused, and where controls broke down in their environment.
Advertisement
This customer is taking the findings from red-teaming to improve its defensive posture with custom security controls. This combination allows the bank to scale AI across the business with confidence in their security posture and governance program.
In the public sector, meanwhile, the imperative shifts from voluntary testing to mandatory – guided by agencies including NIST and CISA – such as conducting adversarial stress tests to identify mission-critical risks like the weaponization of biological data.
Here, AI red-teaming isn’t just about reducing risk, it’s about maintaining authority to operate and mission continuity.
In other words, whether you’re protecting customer data or public services, the requirement is the same – continuous, evidence-backed assurance that AI systems behave as intended, even when someone is trying to break them.
Advertisement
Deploying enterprise AI with confidence
It’s clear that enterprises deploying AI need automated testing against known vulnerabilities just to establish a baseline. Context is the new attack surface; static defenses fail against agentic attacks so they must test workloads, not just models.
Finally, compliance is a competitive advantage. With the right reporting, security stops being a blocker and becomes the enabler that gets an enterprise’s AI to market faster. In that world, the 80% of enterprises that plan to deploy AI this year can do so with confidence rather than fear, whatever phase of their journey they’re on.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit
The lawsuit alleges that a series of updates pushed to certain Roku-powered TVs introduced recurring issues that, in some cases, rendered the devices unusable. The models named include Roku Select Series and Roku Plus Series sets, along with TCL’s 3-, 4-, 5-, and 6-series TVs running Roku OS. Read Entire Article Source link
Valve has released CAD files for the new Steam Controller and its Puck under a Creative Commons license. “The idea is to let enterprising modders create their own Steam Controller add-ons, like skins, charging stands, grip extenders or smartphone mounts,” reports Digital Foundry. From the report: The Valve release includes files for the external shell (“surface topology”) of the Controller and Puck, with a .STP, .STL and engineering diagram of each device, with the latter showing areas that must remain uncovered to let the device maintain its signal strength and otherwise function as designed. Valve has previously released CAD files for its Steam Deck handheld, Valve Index VR suite and even the original Steam Controller a decade ago, so this release is welcomed but not unexpected.
The release is under a fairly restrictive Creative Commons license which allows for non-commercial use and requires attribution and sharing of designs back to the community. However, the license also suggests that commercial entities interested in making accessories for the Steam Controller or its Puck can contact Valve directly to discuss terms. You can find the files here.
Sam Altman’s management style came under scrutiny on the seventh day of Elon Musk’s high-stakes OpenAI trial, as former OpenAI figures Mira Murati, Shivon Zilis, and Helen Toner took the stand to testify about their experiences working with him. Their testimony resurfaced many of the criticisms that first emerged during Altman’s brief ouster as CEO in 2023. An anonymous reader quotes a report from Business Insider: The first witness was Mira Murati, OpenAI’s former chief technology officer and now founder of her own AI shop, Thinking Machines Lab. Jurors watched a recorded video deposition of Murati, who was also OpenAI’s interim CEO after the board briefly ousted Sam Altman. Murati’s testimony focused on her concerns about Altman’s “difficult and chaotic” management style. She said Altman had trouble “making decisions on big controversial things.” He also had a habit of telling people what they wanted to hear.
“My concern was about Sam saying one thing to one person and a completely different thing to another person, and that makes it a very difficult and chaotic environment to work with,” said Murati. Murati said that her issue with Altman was not about safety, “it is about Sam creating chaos.” She said she supported Altman’s return to OpenAI because the company “was at catastrophic risk of falling apart” at the time of his ousting. “I was concerned about the company completely blowing up.”
Zilis said she was upset that Altman rolled out ChatGPT without involving the board. “It wasn’t just me but the entire board raised concern about that whole thing happening without any board communication,” she said. Zilis said she was also concerned about a potential OpenAI deal with a nuclear energy startup called Helion Energy because both Altman and Greg Brockman were investors. Although the executives had disclosed the investment to the board, Zilis said the deal talk made her uneasy. It “felt super out of left field,” she said. “How is it the case that we want to place a major bet on a speculative technology?”
In a video deposition, Helen Toner, a former member of OpenAI’s board who resigned in 2023, said she first became aware of ChatGPT’s release when an OpenAI employee asked another board member whether the board was aware of the development. […] Toner also elaborated on why the board, including herself, voted to remove Altman as CEO in 2023. “There were a number of things — the pattern of behavior related to his honesty and candor, his resistance of board oversight, as well as the concerns that two os his inner management team raised to the board about his management practices, his manipulation of board processes,” said Toner. Recap:
Autonomous tanker drone completed two-hour maiden flight validating core flight systems
MQ-25A will replace fighter jets in aerial refueling role aboard carriers
Further testing planned before transition to carrier qualification operations in Maryland
The US Navy’s MQ-25A Stingray autonomous tanker drone, the service’s first operational unmanned aerial refueler, has completed its maiden flight.
The two-hour test took place over southern Illinois, where the aircraft carried out a series of maneuvers to validate its basic flight controls and onboard operations.
During the mission, the drone followed a predetermined plan which saw it taxi, take off, fly, and land autonomously, all triggered through commands issued from the Unmanned Carrier Aviation Mission Control System MD-5 Ground Control Station.
Article continues below
Advertisement
Navy plans autonomous operations
Air Vehicle Pilots set the route and defined waypoints before launch, then monitored performance throughout the flight and retained the ability to abort or adjust the mission if required.
The aircraft handled propulsion, guidance, subsystems, and flight controls on its own once the mission began, showing how the U.S. Navy plans to run autonomous operations while keeping human oversight in the loop.
Advertisement
“Today’s successful flight builds on years of learning from our MQ-25A T1 prototype and represents a major maturation of the program,” said Dan Gillian, vice president and general manager, Boeing Air Dominance.
“The MQ-25A is the most complex autonomous system ever developed for the carrier environment, and this historic achievement advances us closer to safely integrating the Stingray into the carrier air wing.”
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The Stingray fills a very specific gap in carrier operations, taking over the aerial refueling role that currently falls to F/A-18 Super Hornets, and freeing them to return to strike and combat roles.
Advertisement
Rear Adm. Tony Rossi, the U.S. Navy’s program executive officer for unmanned aviation and strike weapons, said, “The MQ-25A is not just an aircraft: it’s the first step in integrating unmanned aerial refueling onto the carrier deck, directly enabling our manned fighters to fly further and faster.”
Earlier testing using the MQ-25A T1 prototype helped lay the groundwork for this flight, with that earlier demonstrator logging roughly 125 flight hours to prove the concept before production aircraft took over.
DefenseScoopreports the test also validated the Rolls-Royce AE 3007N engine and confirmed integration with the ground control system that operators will rely on once the aircraft moves into carrier testing.
More test flights are scheduled from MidAmerica St. Louis Airport before the aircraft transitions to Naval Air Station Patuxent River in Maryland, where preparations for aircraft carrier qualification flights will begin.
In a crowded market where there are so many fantastic coffee machines, the KitchenAid Semi-Automatic Espresso Machine stands out by being one of the better-looking options on the market. Not only does it look premium, but it feels it too. This machine is solidly built, and the supplied accessories including the removable bean hopper, porta filter and tamper, have a decent amount of weight to them, further adding to the overall premiumness of the machine.
It’s available in a range of colors, but I feel my review unit in Porcelain (white) will be the easiest to match with kitchen decor (although I have to admit taking a fancy to the Juniper green, too).
Advertisement
If you want to get hands-on with your coffee-making process, it makes the process easier by way of a flat-bottom porta filter that I think should become customary on all coffee machines of this type. This design choice is a stroke of genius, giving you a far greater ability to apply a good amount of tamping pressure, essential for extracting a good shot of espresso.
While it does have ‘semi-automatic’ in its name, this only really applies to the amount of coffee grounds it will dispense into the porta filter. You decide how much that is, the grind size and, if you want milk with your coffee, that’s a manual process too.
Figuring out the optimal settings for your personal taste will, therefore, require some trial and error, but if you’re considering buying a coffee machine like this one, that’s likely something you’ve already considered and are happy to get involved with.
Advertisement
Some assistance is given, such as an ideal window of pressure shown in a pressure gauge, so you’ll know if you’ve put the right amount of coffee and applied the right amount of pressure when tamping. Once you’ve completed these steps, the KitchenAid Semi-Auto produces a wonderful shot of espresso. Taking all of this into account, I consider it to be one of the best bean-to-cup coffee makers.
It’s not short of competition in terms of price and features, and there are other models that offer greater usability, such as smart tamping and dosing systems — the De’Longhi La Specialista Touch, for example. Despite that, I think it’s competitively priced and can regularly be found with a discount, which only adds to its value.
Sign up for breaking news, reviews, opinion, top tech deals, and more.
The KitchenAid Semi-Automatic Espresso Machine launched worldwide a couple of years ago in 2024. It remains on sale today and more often than not, for the same price as when it launched. With a list price of $699.99 / £699 / AU$899, it’s fairly priced, but is arguably better value in Australia if you take direct currency conversions into account.
This KitchenAid machine is relatively light on features, offering just the basics of at-home coffee making, in the form of an integrated burr grinder, steam wand and hot water spout. In terms of price, it’s not short of competition, but some price-comparable alternatives offer more in the way of features.
These include the Breville Barista Express (Sage Barista Express in the UK) for $699.95 / £629 / AU$599, the Ninja Luxe Cafe with a price tag of $599.90 / £549.99 / AU$799.99 and the De’Longhi La Specialista Arte Evo costing $699.95 / £499 / AU$649. In Australia, it gains another competitor in the form of the Sunbeam Origins Sense, which is now regularly available for under AU$700.
All offer a built-in grinder, varying levels of customization and a built-in steam wand. The Ninja and De’Longhi machines are able to produce cold-brew coffee, for example, something not on the KitchenAid’s menu. The Ninja Cafe Luxe also takes care of the grinding and tamping process for you, offering a more hands-off approach.
However, at the time of writing, this KitchenAid machine is on the receiving end of discounts of up to 30% direct from the maker in the US, UK and Australia.
The KitchenAid Semi-Automatic Espresso Machine is a relatively compact appliance with dimensions measuring 39.5 x 33.5 x 28.1cm (HWD), making it ideal for small kitchens or those who simply can’t spare the countertop space. At 23.6lbs / 10.7kg it’s quite a heavy unit, though, but its weight gives it added stability that prevents it from moving around when inserting and removing the porta filter.
KitchenAid is known for its chic color choices across its wider range of appliances and that’s the case here too. My review unit was the Porcelain (white) color with gloss finish, which is a standout for me, being easily matched with any kitchen decor. Other colors include Cast Iron Black, Candy Apple (red), Juniper and Stainless Steel.
Advertisement
This espresso machine is relatively light on button count, with the few available serving more than one purpose. The power button is on the left, while the start/stop button is on the opposite side. The middle is where most of the magic happens. The top left button will likely be used the most as it cycles through functions to pour the espresso shot, pour hot water and activate the steam wand.
There are also buttons to select a single or double shot, and to adjust the temperature of the water. Finally there’s a button to use when cleaning the machine.
The other main control is a silver dial that sets the dosage amount of coffee to be ground into the porta filter, and a lever to adjust the grind size. Pressing the central button begins dispensing the selected amount of coffee.
As with all coffee machines that require a hands-on approach, figuring out the grind size and grind amount for both single and double espresso is part of the fun, but requires plenty of trial and error. This is because the type of coffee beans you use will have an effect on the yield and, further to that, how they behave when being brewed. For example, a darker roast tends to perform better with a coarser setting than a medium roast due to the way it breaks apart when going through the grinder.
Advertisement
I used medium-dark roast coffee beans for this review and found turning the double shot dial to around 4 o’clock, and the grind setting to five lines from the right, yielded good results. While you can invest in scales to ensure you get the ideal amount — around 8g of ground coffee is often considered a good starting point for a single shot of espresso and 18g is considered optimal for a double — KitchenAid has added a small line in the porta filter baskets to indicate the ideal point where the coffee should line up once it’s been tamped.
You don’t want to go over this line, as doing so will create too much pressure during the brewing process, resulting in your coffee dripping out of the porta filter. A pressure gauge on the front of the machine shows an ideal window for a good espresso shot and, on a couple of occasions during my testing, the needle did go beyond it, resulting in the aforementioned drip pour.
Image 1 of 3
(Image credit: Future / Max Langridge)
(Image credit: Future / Max Langridge)
(Image credit: Future / Max Langridge)
Speaking of the porta filter, I didn’t realize that a totally flat-bottomed one could be such a revelation! Every other porta filter I’ve used has two spouts protruding out the bottom; here, they’re integrated. This small design touch meant I could be a lot more confident when tamping, planting the porta filter firmly on a table and allowing me to apply force to pack the coffee grounds tightly enough. Porta filters with protruding spouts, however, require careful balancing when tamping.
This flat-bottomed porta filter is a commercial-size 58mm, and is satisfyingly weighty, which gave me added peace of mind that the KitchenAid machine has been made with care. The 58mm size has several benefits, including being used with a variety of tools and accessories — such as weighted tampers — to help achieve a well-extracted shot.
Advertisement
The 2.5L water tank at the rear of the machine features an integrated handle to help you remove it. This is one of the largest water tanks I’ve personally come across in a coffee machine, bigger than the Breville Oracle Jet’s (Sage in the UK) 2.3L tank. A water filter is supplied, which clips into a separate plastic handle. I had a little trouble at first getting the two pieces that hold the filter in place to clip together, despite following the instructions to leave the filter soaking in water for 5 minutes. I left it out of the water for a few days, after which it all clipped together as intended.
(Image credit: Future / Max Langridge)
The KitchenAid Semi Automatic Espresso Machine also features an integrated steam wand with a silicone handle for safer handling, and a hot water spout. The steam wand is a traditional one, that meaning there’s no built-in thermometer like you’ll find on other machines such as the De’Longhi La Specialista Touch and Sunbeam Origins Sense, so you’ll need to rely on physical touch with the milk pitcher, or a use a separate food-grade thermometer, to determine when your milk is ready.
In the box is also a removable bean hopper, tamper (which is also well weighted), a 355ml milk pitcher (which does admittedly feel cheaper compared to the other accessories), single- and double-wall filter baskets in single- and double-shot sizes, and a cleaning brush.
A walnut wood accessory kit is available to buy separately for $249.99 / £229 / AU$349. This kit includes a bean hopper with a walnut-wood lid, and porta filter and tamper set with walnut-wood handles.
Well-extracted espresso achievable after some experimentation
Intuitive controls with visual aids
Quick heat-up time
The KitchenAid Semi-Automatic Espresso Machine is a very capable machine, and will brew a well-extracted espresso shot with a good crema — it just requires a fair amount of trial and error to achieve it. Virtually all manual and semi-auto machines will need that little experimentation, though, so it’s by no means a dealbreaker. However, where some machines like the aforementioned De’Longhi or the Ninja Luxe Cafe will assist you in recommending the ideal grind and dosage settings, the KitchenAid leaves you to your own devices.
After loading your beans in the hopper on top of the machine — which fits up to 225g worth — you’ll need to adjust the dosage amount and grind size. If you’re brewing a single shot of espresso, you’ll move the front-mounted round to the left to adjust dosage, and to the right for a double (icons are on hand to signify this). A lever just below this dial will adjust the grind size, from coarse on the left to fine on the right. Note that the dial and lever have to be perfectly aligned with the graphic dots; if they’re not, the machine won’t operate.
You are able to personalize the amount of coffee grounds produced by pressing and holding the central button until it reaches the desired amount.
(Image credit: Future / Max Langridge)
Once you’ve selected your settings, press the button integrated into the dosage dial to set the grinder in action. This KitchenAid machine, like the brand’s fully automatic models such as the KF8, is QuietMark certified, meaning it should be whisper quiet when the grinder is in motion. And sure enough, it is. The Philips LatteGo 4400 that I use daily is ‘SilentBrew’ certified but, in truth, I find it to be relatively noisy, and measured 69dB using the Decibel X app compared to 64dB registered by the KitchenAidwhen the grinder was in motion.
Advertisement
Once the grinder has finished, give the porta filter a little wiggle to help settle the ground coffee before removing it. This machine uses anti-static technology to help ensure nothing spills over the edge and it works like a dream, unlike the Sunbeam Origins Sense that dribbled some coffee during my testing despite claiming to also benefit from similar tech.
One of the key highlights of this machine is its flat-bottomed porta filter, which allows you to plant it on a flat surface to apply tamping pressure using the supplied tamper without disbalancing it. Once you’ve inserted and locked the porta filter in place for brewing — which is another simple and fuss-free process — use the buttons on the front of the machine to select a single or double shot, then set the water temperature to one of three settings. Finally, press the play/start button and your coffee will begin brewing.
Another key highlight of this machine is that it pre-infuses before brewing. This wets the coffee puck before full pressure hits it, which makes the water flow through the grounds more uniformly for better extraction.
If you’ve adjusted the dosage and grind settings correctly and provided enough tamping pressure, you’ll be rewarded with a beautiful shot of espresso with a lovely crema. It’s unlikely you’ll get the best settings on your first try (I certainly didn’t), so be prepared for some trial and error.
Advertisement
As with the grind settings, you can personalize the amount of water used for both single and double shots by pressing and holding the start/stop button until the desired espresso amount is reached in your cup. These water volume settings will be saved for future use. To reset to factory settings, press and hold the dose button for three seconds. All indicator lights will blink to indicate settings are restored.
However, the machine doesn’t have profiles, nor can it store different settings. If you have multiple coffee drinkers at home who prefer different beverage types, then you’ll need to manually set the grind and dosage amounts each time. If so, I’d recommend keeping a note of the optimum settings somewhere.
(Image credit: Future / Max Langridge)
If you want to use the steam wand for milk foaming, you’ll first need to wait until the espresso has finished brewing as this machine doesn’t feature a dual boiler. Then press the button to switch from espresso to steam and wait a few seconds for the boiler to reheat. You’ll know when it’s done by way of a white LED on the left of the machine’s front panel. When it turns solid, you’re good to go. From here, press the same play/start button and steam will begin coming out of the wand.
As mentioned earlier, the steam wand here doesn’t have a built-in thermometer, so you’ll need to rely on touch to determine when the milk is done. I’ve had mixed results with ‘basic’ steam wands like this in the past, as some don’t provide enough pressure to effectively foam milk. That’s not the case here. I used both full-fat cow’s milk and oat milk during my testing and I was able to create a lovely textured foam each time. As with any steam wand, you need to angle it in the milk pitcher for the best results, but if you have the technique right, you’ll once again be rewarded with perfect milk.
Advertisement
The KitchenAid Semi-Automatic Espresso Machine has a descaling program to help keep it working at its best. You’ll know when it’s time, as a Clean Cycle light will blink. This didn’t happen during my testing, so I was unable to test the feature, but full instructions are provided in the user manual.
Should you buy the KitchenAid Semi Automatic Espresso Machine?
Swipe to scroll horizontally
Attribute
Notes
Advertisement
Score
Value
Competitively priced, but some price-comparable models offer more in the way of features
4 / 5
Advertisement
Design
Gorgeous looks, premium accessories and a clear button layout make this an espresso machine you’ll want to show off
5 / 5
Performance
Advertisement
After a brief period of experimentation, you’ll be rewarded with beautiful espresso, and the steam wand produces perfectly foamed milk.
5 / 5
Buy it if…
Advertisement
Don’t buy it if…
KitchenAid Semi Automatic Espresso Machine review: Also consider
KitchenAid Semi Automatic Espresso Machine review: How I tested
I tested the KitchenAid Semi-Automatic Espresso Machine over the course of a couple of weeks, using medium-dark roast coffee beans I picked up from my local supermarket. I’ve tested a few manual and semi-automatic coffee machines before, including the Sunbeam Origins Sense, so I was familiar with the process required for hands-on coffee making.
I had to experiment with the grind and dosage settings to find the ideal yield to ensure the espresso shots brewed with optimal results. I used the built-in steam wand to foam cow’s milk and oat milk, and found it produced excellent results with the correct technique.
A small study found that a single 25mg dose of psilocybin produced measurable brain changes that were still visible a month later, along with reported improvements in psychological insight, wellbeing, and mental flexibility. The Guardian reports: Evidence for the changes came from specialized scans that measured the diffusion of water along nerve bundles in the brain. They suggested that some nerve tracts had become denser and more robust after the drug was taken. While the findings are preliminary, the scientists said the opposite was seen in ageing and dementia. “It’s remarkable to see potential anatomical brain changes one month after a single dose of any drug,” said Prof Robin Carhart-Harris, a neurologist at the University of California, San Francisco, and senior author on the study. “We don’t yet know what these changes mean, but we do note that overall, people showed positive psychological changes in this study, including improved wellbeing and mental flexibility.”
[…] Writing in Nature Communications, the researchers describe another key finding. Those who had the largest spike in brain entropy after psilocybin were most likely to report deeper psychological insight and better wellbeing a month later, underlining the link between flexible thinking and improved mental health. “It suggests a psychobiological therapeutic action for psilocybin,” said Carhart-Harris. Prof Alex Kwan, a neuroscientist at Cornell University in New York, said studies in mice had shown that psychedelics can rewire connections between nerves, a form of “plasticity” that could underlie their therapeutic effects. The big question is whether the same occurs in humans. “This study comes closer than most to addressing that question, by giving evidence of lasting changes in brain structure after psychedelic use,” he said. But while the results were “exciting,” the study involved a small number of people and DTI provides an indirect and limited view of brain connections, he said.
In April 2026, the U.S. Navy delayed decommissioning its oldest active aircraft carrier — the USS Nimitz — by 10 months. The decision to keep the USS Nimitz in service was the result of the delay in the induction of the USS John F. Kennedy — a brand new aircraft carrier still undergoing sea trials — to the naval fleet. This new Ford-class aircraft carrier is expected to join service in 2027, after which the USS Nimitz can finally sail into the sunset.
As it turns out, the USS Nimitz is not the only large “flattop” — or a vessel with a full-length, flat flight deck — that has had its lifespan extended. The USS Wasp (LHD-1), an amphibious assault ship, also recently received a fresh lease on life. While these ships typically last about 40 years, which would put its decommissioning date sometime in 2029, this vessel is now scheduled to remain in service until 2034.
The USS Wasp is the first of eight Wasp-class amphibious assault ships made for the U.S. Navy. This vessel has seen a lot during its time in service and even underwent a major refurbishment in 2019, resuming active duty in July 2022. The USS Wasp is a large vessel that you may mistake for a full-fledged aircraft carrier. Stretching 844 feet long, it displaces 41,000 tons and can hold up to 31 aircraft of various types. It is commanded by a crew of over 1,200 sailors and can accommodate an additional 1,000 troops during wartime deployments.
Advertisement
Why this Wasp-class ships got a new lease on life
Robert V Schwemmer/Shutterstock
As with the USS Nimitz, the service extension for Wasp-class vessels is primarily driven by the delay in the induction of newer, more modern replacements. As of this writing, the U.S. Navy was operating seven Wasp-class amphibious assault ships. While a total of eight ships were built, the USS Bonhomme was decommissioned in 2020 after being extensively damaged in a fire. The other Wasp-class vessels in service are also being considered for extensive refurbishment and service extension, although the details of those plans remain under wraps.
These aging Wasp-class chips were intended to be complemented by the newer America-class vessels. However, the production of these newer vessels has been delayed by several years, and of the planned 11 ships, only two — the USS America (LHA-6) and the USS Tripoli (LHA-7) — have been commissioned. The next two vessels in the lineup — the USS Bougainville (LHA-8) and the USS Fallujah (LHA-9) — are still under construction, with commissioning expected after 2027 and 2031, respectively.
Just two months ago, researchers at the Data Intelligence Lab at the University of Hong Kong introduced CLI-Anything, a new state-of-the-art tool that analyzes any repo’s source code and generates a structured command line interface (CLI) that AI coding agents can operate with a single command.
Claude Code, Codex, OpenClaw, Cursor, and GitHub Copilot CLI are all supported, and since its launch in March, CLI‑Anything has climbed to more than 30,000 GitHub stars.
But the same mechanism that makes software agent-native opens the door to agent-level poisoning. The attack community is already discussing the implications on X and security forums, translating CLI-Anything’s architecture into offensive playbooks.
The security problem is not what CLI-Anything does. It is what CLI-Anything represents.
Advertisement
CLI-Anything generates SKILL.md files, the same instruction-layer artifacts that Snyk’s ToxicSkills research found laced with 76 confirmed malicious payloads across ClawHub and skills.sh in February 2026. A poisoned skill definition does not trigger a CVE and never appears in a software bill of materials (SBOM). No mainstream security scanner has a detection category for malicious instructions embedded in agent skill definitions, because the category simply did not exist eighteen months ago.
Cisco confirmed the gap in April. “Traditional application security tools were not designed for this,” Cisco’s engineering team wrote in a blog post announcing its AI Agent Security Scanner for IDEs. “SAST [static application security testing] scanners analyze source code syntax. SCA [software composition analysis] tools check dependency versions. Neither understands the semantic layer where MCP [Model Context Protocol] tool descriptions, agent prompts, and skill definitions operate.”
Merritt Baer, CSO of Enkrypt AI and former Deputy CISO at Amazon Web Services (AWS), told VentureBeat in an exclusive interview: “SAST and SCA were built for code and dependencies. They don’t inspect instructions.”
This is not a single-vendor vulnerability. It is a structural gap in how the entire security industry monitors software supply chains. This is the pre-exploitation window. CLI-Anything is live, the attack community is discussing it, and security directors who act now get ahead of the first incident report.
Advertisement
The integration layer no stack can see
Traditional supply-chain security operates on two layers. The code layer is where SAST works, scanning source files for insecure patterns, injection flaws, and hardcoded secrets. The dependency layer is where SCA works, checking package versions against known vulnerabilities, generating SBOMs, and flagging outdated libraries.
Agent bridge tools like CLI-Anything, MCP connectors, Cursor rules files, and Claude Code skills operate on a third layer between the other two. Call it the agent integration layer: configuration files, skill definitions, and natural-language instruction sets tell an AI agent what software can do and how to operate it. None of it looks like code. All of it executes like code.
Carter Rees, VP of AI at Reputation, told VentureBeat in an exclusive interview: “Modern LLMs [large language models] rely on third-party plugins, introducing supply chain vulnerabilities where compromised tools can inject malicious data into the conversation flow, bypassing internal safety training.”
Researchers at Griffith University, Nanyang Technological University, the University of New South Wales, and the University of Tokyo documented the attack chain in an April paper, “Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems.” The team introduced Document-Driven Implicit Payload Execution (DDIPE), a technique that embeds malicious logic inside code examples within skill documentation.
Advertisement
Across four agent frameworks and five large language models, DDIPE achieved bypass rates between 11.6% and 33.5%. Static analysis caught most samples, but 2.5% evaded all four detection layers. Responsible disclosure led to four confirmed vulnerabilities and two vendor fixes.
The kill chain security leaders need to audit
Here’s the anatomy of the kill chain: An attacker submits a SKILL.md file to an open-source project containing setup instructions, code examples, and configuration templates. It looks like standard documentation. A code reviewer would wave it through because none of it is executable. But the code examples contain embedded instructions that an agent will parse as operational directives.
A developer uses an agent bridge tool to connect their coding agent to the repository. The agent ingests the skill definition and trusts it, because no verification layer exists to distinguish benign from malicious intent at the instruction level.
The agent executes the embedded instruction using its own legitimate credentials. Endpoint detection and response (EDR) sees an approved API call from an authorized process and passes it. Data exfiltration, configuration changes, and credential harvesting are all moving through channels that the monitoring stack considers normal traffic.
Advertisement
Rees identified the structural flaw that makes this chain lethal. “A significant vulnerability in enterprise AI is broken access control, where the flat authorization plane of an LLM fails to respect user permissions,” he told VentureBeat. A compromised skill definition riding that flat authorization plane does not need to escalate privileges. It already has them. Every link in that chain is invisible to the current security stack.
Pillar Security demonstrated a variant of this chain against Cursor in January 2026 (CVE-2026-22708). Implicitly trusted shell built-in commands could be poisoned through indirect prompt injection, converting benign developer commands into arbitrary code execution vectors. Users saw only the final command. The poisoning happened through other commands the IDE never surfaced for approval.
The evidence is already in production
In a documented attack chain from April 2026, a crafted GitHub issue title triggered an AI triage bot wired into Cline. The bot exfiltrated a GITHUB_TOKEN, which the attacker used to publish a compromised npm dependency that installed a second agent on roughly 4,000 developer machines for eight hours. There was just one issue title. Attackers had eight hours of access. No human approved the action.
Snyk’s ToxicSkills audit scanned 3,984 agent skills from ClawHub, the public marketplace for the OpenClaw agent framework, and skills.sh in February 2026. The results: 13.4% of all skills contained at least one critical security issue. Daily skill submissions jumped from less than 50 in mid-January to more than 500 by early February. The barrier to publishing was a SKILL.md markdown file and a GitHub account one week old. No code signing. No security review. No sandbox.
Advertisement
OpenClaw is not an outlier. It is the pattern. “The bar to entry is extremely low,” Baer said. “Adding a skill can be as simple as uploading a Word doc or lightweight config file. That’s a radically different risk profile than compiled code.” She pointed to projects like ClawPatrol that have started cataloging and scanning for malicious skills, evidence the ecosystem is moving faster than enterprise defenses.
The ClawHavoc campaign, first reported by Koi Security in late January 2026, initially identified 341 malicious skills on ClawHub. A follow-up analysis by Antiy CERT expanded the count to 1,184 compromised packages across the platform. The campaign delivered Atomic Stealer (AMOS) through skill definitions with professional documentation. Skills named solana-wallet-tracker and polymarket-trader matched what developers actively searched for.
The MCP protocol layer carries similar exposure. OX Security reported in April that researchers poisoned nine out of 11 MCP marketplaces using proof-of-concept servers. Trend Micro initially found 492 MCP servers exposed to the internet with zero authentication; by April, that number had grown to 1,467. As The Register reported, the root issue lies in Anthropic’s MCP software development kit (SDK) transport mechanism. Any developer using the official SDK inherits the vulnerability class.
VentureBeat developed a Prescriptive Matrix by mapping the three attack layers documented in the research and incident reports above against the detection capabilities of current SAST, SCA, and agent-layer tools. Each row identifies what security teams should verify and where no scanner has coverage today.
Advertisement
Layer
Threat
Current detection
Why it misses
Advertisement
Recommended action
1. Code
Prompt injection in AI-generated code
SAST scanners
Advertisement
Most SAST tools have no detection category for prompt injection in AI-generated code
Confirm that SAST scans AI-generated code for prompt injection. If not, have an open vendor conversation this quarter.
No tool inspects the semantic meaning of agent instruction files. Baer: “We’re not inspecting intent.”
Deploy Cisco Skill Scanner or Snyk mcp-scan. Assign a team to own this layer.
Advertisement
Baer’s diagnosis of Layer 3 applies across the entire matrix: “Current scanners look for known bad artifacts, not adversarial instructions embedded in otherwise valid skills.” Cisco’s open-source Skill Scanner and Snyk’s mcp-scan represent the first tools purpose-built for this layer.
Security director action plan
Here’s how security leaders can get ahead of the problem.
Inventory every agent bridge tool in the environment. This includes CLI-Anything, MCP connectors, Cursor rules files, Claude Code skills, GitHub Copilot extensions. If the development team is using agent bridge tools that have not been inventoried, the risk cannot be assessed.
Audit agent skill sources the same way package registries get audited. Baer’s framing is precise: “A skill is effectively untrusted executable intent, even if it’s just text.” Shut off ungoverned ingestion paths until controls are in place. Stand up a review and allowlisting process for skills. The OWASP Agentic Skills Top 10 (AST01: Malicious Skills) provides the procurement framework to align controls against.
Advertisement
Deploy agent-layer scanning. Evaluate Cisco’s open-source Skill Scanner and Snyk’s mcp-scan for behavioral analysis of agent instruction files. If dedicated tooling is unavailable, require a second engineer to read every SKILL.md before installation.
Restrict agent execution privileges and instrument runtime. AI coding agents should not run with the same credential scope as the developer who invoked them. Rees confirmed the structural flaw: The flat authorization plane means a compromised skill does not need to escalate privileges. Baer’s prescription: “Instrument runtime observability. What data is the agent accessing, what actions is it taking, and are those aligned with expected behavior?”
Assign ownership for the gap between layers. The most dangerous attacks succeed because they fall between detection categories. Assign a team to own the agent integration layer. Review every SKILL.md, MCP config, and rules file before it enters the environment.
The gap that already has a name
Baer underscored the dangers of this new attack vector. “This feels very similar to early container security, but we’re still in the ‘we’ll get to it’ phase across most orgs,” she said. She added that, at AWS, it took a few high-profile wake-up calls before container security became table stakes. The difference this time is speed. “There’s no build pipeline, no compilation barrier. Just content,” she said.
Advertisement
CLI-Anything is not the threat. It is the proof case that the agent integration layer exists, that it is growing fast, and that the attacker community has already found it. The 33,000 developers who starred the repository are telling security teams where software development is heading. Eighteen months ago, the detection category for agent-integration-layer poisoning did not exist. Cisco and Snyk shipped the first tools for it in April. The window between those two facts is closing. Security directors who have not begun inventory are already behind.
You must be logged in to post a comment Login